Starting with Log Analytics: Part 8 - Sending data to Log Analytics from Azure Automation and Data Collector API
In this post I will show you how to send data to a Log Analytics workspace through an Azure Automation runbook.
Other articles
- Part 1: Creating our first Log Analytics workspace
- Part 2: Importing your own datas into the workspace
- Part 3: Creating our first workbook
- Part 4: Add Intune datas into Log Analytics workspace
- Part 5: Running KQL queries in Log Analytics through PowerShell
- Part 6: Creating a lab by importing a CSV with fake data
- Part 7: Give your workbook a better look
- Part 8: Sending data to Log Analytics from Azure Automation (you are here)
- Part 9: Sending data from Log Analytics to Power BI (next one)
Context
Here we want to collect data that are not available in Log Analytics like data from Endpoint Analytics or something else.
You can find here an example of dashboard I created to collect BSOD data provided by Endpoint Analytics in Intune.
The automation script gets data with MS Graph then send them to a Custom log in Log Analytics.
Required information
We want to send data to a Log Analytics workspace.
For our need, below information are required:
- Log Analytics workspace ID
- Primary key
- Name of the log to create or update
You can find both Workspace ID and primary key in the Agents management part.
We will provide all those info into variables in our script.
Now we will configure our Azure Automation account.
Creating the account
1. Go to Azure
2. Go to Automation accounts
3. Click on Create
4. Type a name
5. Choose a Subscription
6. Choose the Resource group
7. Choose your region
8. Click on Create
9. Wait a bit
10. Click on Go to resource
Set Managed Identity
The managed identity will be used to authenticate to your tenant, this way we don't need to provide credentials.
It allows you to avoid the credentials part.
When you configure the managed identity, a new Azure Enterprise application will be created.
This one will be used to authenticate to our tenant.
You can get more info about Managed identity there.
For that we will proceed as below:
1. Go to your automation account
2. Go to Identity (Preview)
3. Go to System assigned
4. Select On
5. Click on Save
6. Click on Yes
Adding permissions
Once the Managed Identity has been configured a new Enterprise application will be created.
Then you need to add permissions to be able to actions.
Depending of what you want to do, permissions may change.
Here we want to play with Intune devices we will need below permissions:
The required permissions is the following:
- DeviceManagementConfiguration.Read.All
- DeviceManagementManagedDevices.Read.All
To add this permission you will need to use PowerShell, it can't be done through the portal.
For that we will use the below script:
You just need to fill below variables:
- $TenantID: your tenant ID
- $DisplayNameOfMSI: name of your automation account
Adding module
Depending of what youwant to do, you may need a specific module.
Here below we will implement the pnp.powershell module for playing with SharePoint.
For that we will proceed as below:
1. Go to your automation account
2. Click on Modules gallery
3. Search: pnp.powershell
4. Click on pnp.powershell
5. Click on Import
6. Click on OK
Our runbook script
Log Analytics part
We will first provide log analytics workspace id, primary key and custom log to variables:
We will first use the two functions provided by Microsoft:
- Build-Signature
- Post-LogAnalyticsData
Authenticate with managed identity
Next step is to authenticate to our tenant using the managed identity.
For that we will use the below code:
Use a bit of MS Graph
Here we want to collect data about Intune devices.
For that we will use MS Graph using the below code:
Convert data to array
Now we will convert our data to an array:
Convert data to JSON
Then we will convert our data to a JSON:
Send data to Log Analytics
The last step is to send content to the Custom Log in Log Analytics:
Creating the Runbook
1. Click on + Create a runbook
2. Type a name
3. In Runbook type, select PowerShell
4. Click on Create
5 Click on Edit on the runbook
6. Copy script content
7. Click on Publish
8. Click on Yes
9. Go to your Runbook
10. Click on Schedules
11. Click on + Add a schedule
12. Click on Link a schedule to your runbook
13. Click on + Add a schedule
14. Type a name
15. In Recurrence, select Recuring
16. Select what you want
17. Click on Create
1 commentaire
Hello Damien,
Can you help with an error i've got?
when running the ps code in the runbook,
i've recive the following error:
System.Management.Automation.CommandNotFoundException: The term 'Post-LogAnalyticsData' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I've found a function on the internet,
imported it as a zip file as an module (same as pnp)
but no luck so far.
thanks,
Tom
Enregistrer un commentaire